i tried to add these lines into above file, but conntrack table do not decrease:
net.netfilter.nf_conntrack_tcp_timeout_established = 600
net.netfilter.nf_conntrack_generic_timeout = 120
then i tried # sysctl -p